From 9edea9976bd605071e0694a90d704266c0b7e0f9 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 14 Aug 2014 11:30:03 -0400
Subject: [PATCH] - Added warning in the interface when a path for a shelluser is set that is outside of the website docroot. - Added security settings feature to allow the root user of a server to control most aspects of what the admin user of the controlpanel is allowed to do in system settings. This is especially useful for managed servers where the ispconfig admin user and the root user of the server are different persons.
---
interface/web/tools/user_settings.php | 72 ++++++++++++++++++++++--------------
1 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index eb52f58..7065888 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -38,54 +38,70 @@
* End Form configuration
******************************************/
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('tools');
+
+if($_SESSION['s']['user']['typ'] == 'admin') {
+ $app->auth->check_security_permissions('admin_allow_new_admin');
+}
// Loading classes
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
class page_action extends tform_actions {
-
+
function onLoad() {
- global $app, $conf, $tform_def_file;
+ global $app, $conf, $tform_def_file;
- // Loading template classes and initialize template
- if(!is_object($app->tpl)) $app->uses('tpl');
- if(!is_object($app->tform)) $app->uses('tform');
+ // Loading template classes and initialize template
+ if(!is_object($app->tpl)) $app->uses('tpl');
+ if(!is_object($app->tform)) $app->uses('tform');
- $app->tpl->newTemplate("tabbed_form.tpl.htm");
+ $app->tpl->newTemplate("tabbed_form.tpl.htm");
- // Load table definition from file
- $app->tform->loadFormDef($tform_def_file);
-
- // Importing ID
- $this->id = $_SESSION['s']['user']['userid'];
+ // Load table definition from file
+ $app->tform->loadFormDef($tform_def_file);
- if(count($_POST) > 1) {
- $this->dataRecord = $_POST;
- $this->onSubmit();
- } else {
- $this->onShow();
- }
- }
-
+ // Importing ID
+ $this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
+ $_POST['id'] = $_SESSION['s']['user']['userid'];
+
+ if(count($_POST) > 1) {
+ $this->dataRecord = $_POST;
+ $this->onSubmit();
+ } else {
+ $this->onShow();
+ }
+ }
+
+ function onInsert() {
+ die('No inserts allowed.');
+ }
+
function onBeforeUpdate() {
global $app, $conf;
-
- if($_POST['passwort'] != $_POST['passwort2']) {
- $app->tform->errorMessage = 'The passwords in the second password field does not match the first password.';
+
+ if($conf['demo_mode'] == true && $this->id <= 3) $app->tform->errorMessage .= 'This function is disabled in demo mode.';
+
+ if($_POST['passwort'] != $_POST['repeat_password']) {
+ $app->tform->errorMessage = $app->tform->lng('password_mismatch');
}
-
+ if(preg_match('/[a-z]{2}/',$_POST['language'])) {
+ $_SESSION['s']['user']['language'] = $_POST['language'];
+ $_SESSION['s']['language'] = $_POST['language'];
+ } else {
+ $app->error('Invalid language.');
+ }
}
-
-
+
+
}
$page = new page_action;
$page->onLoad();
-?>
\ No newline at end of file
+?>
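Review bot: The language check added in onBeforeUpdate() is unanchored, so `preg_match('/[a-z]{2}/',$_POST['language'])` accepts any string that merely contains two consecutive lowercase letters, and that value is then stored in `$_SESSION['s']['user']['language']` and `$_SESSION['s']['language']`. If the session language is later used to build a language-file path (not visible in this hunk), a request-supplied value would reach it unvalidated; anchor the pattern as `preg_match('/^[a-z]{2}$/', $_POST['language'])`. The session is also written regardless of the earlier checks, so a request rejected for demo mode or a password mismatch still changes the language. Separately, the mismatch branch assigns `$app->tform->errorMessage` with `=` and so discards the demo-mode message appended with `.=` just above it; use `.=` there as well, and compare the two password fields with `!==` so numeric-looking strings are not compared loosely.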
--
Gitblit v1.9.1